Purpose
This article outlines expectations and requirements for securely accessing university systems and protecting institutional data while working remotely.
Scope
This guidance applies to:
- All faculty, staff, and authorized users working remotely
- All university-owned devices used off-campus
- Personally owned devices used to access NEOMED systems
General Expectations for Telecommuting
Employees working remotely are expected to:
- Maintain productivity and availability per their approved Flexible Work Arrangement.
- Use NEOMED systems in compliance with all Information Technology and Information Security policies.
- Ensure university data is protected at all times, regardless of work location.
Authorized Work Environment
Remote work must be conducted in a secure and appropriate environment:
- Avoid working in public or unsecured spaces when handling sensitive information
- Position screens to prevent unauthorized viewing (e.g., “shoulder surfing”)
- Lock your device when unattended (
Ctrl+Alt+Delete > Lock or equivalent)
Use of University-Owned Devices
University-issued devices are the preferred and required method for accessing NEOMED systems when provided.
Key requirements:
- Devices must remain compliant with NEOMED security configuration standards
- Users may not disable security tools (e.g., antivirus, endpoint protection, encryption)
- Devices must be connected to the internet regularly to receive updates
Do not let friends, family members, or other non-authorized individuals use university-owned devices. A university-issued device is for your use only.
Accessing NEOMED Systems
When working remotely:
- Use the NEOMED VPN when required
- Authenticate using multi-factor authentication (MFA) where prompted
- Only access systems necessary for your role
Personal Device Use (If Permitted)
If using a personal device:
- You must follow NEOMED security requirements, including:
- Up-to-date operating system and patches
- Active antivirus/endpoint protection
- Secure screen lock enabled
- Do not store sensitive data locally on personal devices
- Access should occur through secure, browser-based or virtualized environments when possible
Data Protection Requirements
All users must protect NEOMED data in accordance with data classification policies:
- Do not download or store sensitive data unnecessarily
- Use approved systems (OneDrive, SharePoint, Teams, etc.) for file storage and sharing
- Encrypt data when required
- Immediately report suspected data exposure or loss
Network Security
When working remotely:
- Avoid public and unsecured Wi-Fi networks whenever possible
- If public Wi-Fi must be used, connect through the NEOMED VPN
- Secure your home network:
- Change default router passwords
- Use WPA2/WPA3 encryption
Email and Phishing Awareness
Remote employees are frequent targets for phishing attacks:
- Be cautious of unexpected emails, links, or attachments
- Verify requests involving sensitive information or financial transactions
- Report suspicious emails using the Report Message function in Outlook or email help@neomed.edu
Physical Security
- Keep devices in your possession or secured at all times
- Do not leave devices in vehicles or unsecured locations
- Report lost or stolen devices immediately to IT (help@neomed.edu)
Support and Incident Reporting
If you experience issues or suspect a security incident:
- Contact the NEOMED IT Help Desk (help@neomed.edu)
- Report:
- Lost or stolen devices
- Suspicious activity or unauthorized access
- Malware or system compromise
Compliance
Failure to follow these guidelines may result in:
- Loss of remote work privileges
- Disciplinary action in accordance with university policy
Conclusion
Telecommuting is a privilege that requires strong adherence to both Flexible Work Arrangement expectations and NEOMED's Information Security and IT policies. Maintaining secure practices ensures:
- Protection of university data
- Continuity of operations
- Compliance with regulatory and institutional requirements